Friday, 2019-01-04

« Thursday, 2019-01-03 Index Saturday, 2019-01-05 »
*** yamamoto has quit IRC00:42
openstackgerritMichael Johnson proposed openstack/octavia-tempest-plugin master: Add a TLS scenario using Barbican  https://review.openstack.org/62807500:46
bzhao__https://www.irccloud.com/pastebin/uurRYByR/00:58
*** yamamoto has joined #openstack-lbaas01:01
bzhao__johnsom: Also, I create the test certs in octavia-tempest-plugin repo directory by creating a new tmp dir..And create them using a shell script. Then upload the necessary certs into KMS(barbican), using the other part for test locally or upload to the member vm to start https server.01:01
johnsombzhao__ Hi, sorry I missed these messages. I have also started on Barbican/TLS tests. I have the cert creation done (still need to bundle to pkcs12) and was looking at how best to access barbican as a client.01:04
johnsombzhao__ As for the host name validation, I was going to override the hostname validation of the "requests" library to have it check for a pre-defined string instead of a hostname.01:05
johnsombzhao__ Other than the barbican service client issue, I have the rest of the gate setup here: https://review.openstack.org/#/c/628075 It's broken because I was testing a point about requirements, but it is the general idea.01:06
bzhao__johnsom:  ha, I force to load barbican tempest plugin and load the client from the internal os_admin.secret_v1. ;-). Just current proposal, and I think it's not good.01:09
johnsombzhao__ See this for the host validation: https://github.com/openstack/octavia/blob/master/octavia/amphorae/drivers/haproxy/rest_api_driver.py#L29401:10
johnsombzhao__ Yeah, so we are both thinking about how to do this barbican call01:10
johnsombzhao__ I might just use the python-barbicanclient if I can figure out how to get the right credential out of tempest to use with the barbican client.01:12
johnsomI think I need something out of "cls.os_roles_lb_member" that I can use to authenticate the barbican client.01:13
bzhao__johnsom:  For host name validation, I test with inject the host name into kwargs to request, but it fails if I not change the /etc/hosts https://usercontent.irccloud-cdn.com/file/Z5myYLFP/image.png01:13
johnsombzhao__ Yeah, we don't necessarily need to inject it into the request, more that we need to override the requests library to validate our string instead of the host and CN.01:14
johnsomThis is how we authenticate the amphora certs01:15
bzhao__johnsom:  Correct, I think python-barbicanclient is the right way. And I make a mistake about the host name validation yesterday. ;-)01:15
bzhao__johnsom:  I need to base on your thought to refactor and the current code your proposal. Maybe some changes to https server also. ;-).01:17
johnsombzhao__ Ok. I think I will continue to work on my patch and we can align the patches once yours is posted. Is that ok?01:18
johnsomIt may be a bit of duplicate work, but in the end we can take the best ideas and merge them01:19
bzhao__johnsom: OK. Thank you for kind suggest. I will split my proposal and post the new https server code first. Yeah, I think there is a duplicate work there. OK, very happy to chat with you. ;-)01:20
johnsombzhao__ You too01:21
bzhao__johnsom:  I re-think the https://storyboard.openstack.org/#!/story/2004679 bug, this bug hit in octavia-worker process. But https://storyboard.openstack.org/#!/story/2004665 this bug hits in octavia-health-keeping process, and calros's fix seems to evade the issue just for octavia health keeping cases. What the first bug  is during I create a member to exist LB resources(including L7 resources), so I think that could01:33
bzhao__be a bigger problem, and we just see a little part in house keeping side., there may need more fixes, I think. ;-)01:33
johnsomYes, I agree. The ORM is going off the rails and we need to fix it01:37
cgoncalvesORM is eager loading everything because it's instructed to do so...01:42
johnsomI know we switched it to do that because it was eating up all the connection slots round tripping for everything.01:46
johnsomPersonally I don't think we should ever star join anything01:47
*** yamamoto has quit IRC01:47
johnsomBut I am also not a fan of many of these ORM layers that make poor choices01:47
*** yamamoto has joined #openstack-lbaas01:48
*** yamamoto has quit IRC01:53
*** yamamoto has joined #openstack-lbaas02:10
*** hongbin has joined #openstack-lbaas02:15
*** abaindur has quit IRC02:27
*** abaindur has joined #openstack-lbaas02:28
*** abaindur_ has joined #openstack-lbaas02:31
*** abaindur has quit IRC02:33
*** abaindur_ has quit IRC02:38
*** abaindur has joined #openstack-lbaas02:38
*** abaindur_ has joined #openstack-lbaas02:41
*** abaindur has quit IRC02:43
*** abaindur has joined #openstack-lbaas02:43
*** abaindur_ has quit IRC02:46
*** abaindur_ has joined #openstack-lbaas02:46
*** abaindur has quit IRC02:48
*** abaindur has joined #openstack-lbaas02:50
*** yamamoto has quit IRC02:51
*** yamamoto has joined #openstack-lbaas02:52
*** abaindur_ has quit IRC02:53
*** abaindur has quit IRC02:54
*** abaindur has joined #openstack-lbaas02:55
*** celebdor has quit IRC02:55
*** abaindur has quit IRC03:03
*** psachin has joined #openstack-lbaas03:04
*** psachin has quit IRC03:07
*** psachin has joined #openstack-lbaas03:08
*** yamamoto has quit IRC03:24
*** hongbin has quit IRC03:26
*** sapd1 has joined #openstack-lbaas03:37
*** hongbin has joined #openstack-lbaas04:01
*** sapd1_ has quit IRC04:12
*** sapd1__ has joined #openstack-lbaas04:12
*** ramishra has joined #openstack-lbaas04:18
*** sapd1_x has joined #openstack-lbaas04:31
*** sapd1 has quit IRC04:31
*** hongbin has quit IRC04:52
*** yamamoto has joined #openstack-lbaas05:22
*** phuoc_ has joined #openstack-lbaas05:25
*** phuoc has quit IRC05:27
*** yamamoto has quit IRC06:04
openstackgerritYang JianFeng proposed openstack/octavia master: Add listener and pool protocol validation  https://review.openstack.org/59404006:32
*** yamamoto has joined #openstack-lbaas06:42
*** yangjianfeng has joined #openstack-lbaas06:42
*** yangjianfeng has quit IRC06:42
*** rcernin has quit IRC06:47
*** sapd1_x has quit IRC06:57
*** sapd1_x has joined #openstack-lbaas06:58
*** sapd1__ has quit IRC07:41
*** rpittau has joined #openstack-lbaas07:53
*** abaindur has joined #openstack-lbaas07:55
*** abaindur has quit IRC07:55
*** abaindur has joined #openstack-lbaas07:56
*** yamamoto has quit IRC07:58
*** celebdor has joined #openstack-lbaas08:31
*** gcheresh has joined #openstack-lbaas08:50
*** gcheresh has quit IRC08:59
*** gcheresh has joined #openstack-lbaas09:15
*** abaindur has quit IRC09:27
*** yamamoto has joined #openstack-lbaas09:40
*** celebdor has quit IRC09:41
*** yamamoto has quit IRC09:43
*** sapd1_x has quit IRC11:13
*** rpittau is now known as rpittau|lunch11:28
*** rpittau|lunch has quit IRC11:43
*** rpittau|lunch has joined #openstack-lbaas11:44
jitekahey johnsom, while following it I found a small mistake in "Octavia Certificate Configuration Guide" in "Configuring Octavia" section11:44
jitekahttps://docs.openstack.org/octavia/latest/admin/guides/certificates.html#configuring-octavia11:44
jiteka# chmod 700 /etc/octavia/certs/client.cert-key.pem11:44
jitekashould be :11:44
jiteka# chmod 700 /etc/octavia/certs/client.cert-and-key.pem11:44
*** gcheresh has quit IRC11:48
*** rpittau|lunch has quit IRC11:58
*** rpittau|lunch has joined #openstack-lbaas12:01
*** rpittau|lunch has quit IRC12:13
*** rpittau|lunch has joined #openstack-lbaas12:13
*** rpittau|lunch has quit IRC12:28
*** rpittau has joined #openstack-lbaas12:33
*** gcheresh has joined #openstack-lbaas13:30
*** gcheresh has quit IRC13:42
*** celebdor has joined #openstack-lbaas14:01
*** velizarx has joined #openstack-lbaas14:18
*** gcheresh has joined #openstack-lbaas14:24
*** velizarx has quit IRC14:33
*** velizarx has joined #openstack-lbaas15:28
openstackgerritzhulingjie proposed openstack/octavia master: Update hacking version to latest  https://review.openstack.org/62850915:59
*** velizarx has quit IRC16:11
*** gcheresh has quit IRC16:12
openstackgerritMichael Johnson proposed openstack/octavia master: Fix a typo in the certificates admin guide.  https://review.openstack.org/62858816:32
johnsomjiteka Thanks, ^^^ updated16:32
*** psachin has quit IRC16:32
*** gcheresh has joined #openstack-lbaas16:32
*** gcheresh has quit IRC16:42
*** celebdor has quit IRC17:00
*** celebdor has joined #openstack-lbaas17:01
*** ramishra has quit IRC17:06
openstackgerritzhulingjie proposed openstack/octavia-tempest-plugin master: Update hacking version to latest  https://review.openstack.org/62863117:08
openstackgerritzhulingjie proposed openstack/octavia-lib master: Update hacking version to latest  https://review.openstack.org/62863317:08
*** rpittau has quit IRC17:12
*** celebdor has quit IRC17:12
openstackgerritzhulingjie proposed openstack/neutron-lbaas master: Update hacking version to latest  https://review.openstack.org/62864617:48
openstackgerritMerged openstack/octavia master: fix typo mistakes  https://review.openstack.org/62541918:44
openstackgerritMerged openstack/octavia master: Modify the doc word error  https://review.openstack.org/62372018:54
*** velizarx has joined #openstack-lbaas19:19
*** velizarx has quit IRC19:34
*** gcheresh has joined #openstack-lbaas20:06
*** abaindur has joined #openstack-lbaas20:09
*** gcheresh has quit IRC20:30
*** gcheresh has joined #openstack-lbaas21:05
*** gcheresh has quit IRC21:51
johnsomWhy oh why is barbican a roach motel23:29
johnsomsecrets go in but can't come out....  delete even with admin creds, one line below the create, fails.23:30
*** openstack has joined #openstack-lbaas23:47
*** ChanServ sets mode: +o openstack23:47
« Thursday, 2019-01-03 Index Saturday, 2019-01-05 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!